This is a belt-and-suspenders fix to make sure CreateNewBlock() or external mining software can never produce a block that violates the MAX_BLOCK_SIGHASH rule.
It does this by rejecting transactions that do too much signature hashing -- they are not added to the memory pool, and so will not be considered for inclusion in new blocks.
How the code works: every transaction uses up some fraction of the MAX_BLOCK_SIZE limit and the MAX_BLOCK_SIGHASH limit. If a transaction uses up a larger fraction of the SIGHASH limit than the SIZE limit, it is rejected. That ensures that no matter which transactions are selected for the block, the SIZE limit will be hit before the SIGHASH limit.
This is a much simpler solution than modifying CreateNewBlock or external transaction selection software to keep track of the SIZE limit, the SIGOPS limit, AND the new SIGHASH limit.
This is belt-and-suspenders because, in practice, the 100,000-byte IsStandard size limit prevents the block SIGHASH limit from being hit.
The IsStandard code related to the old SIGOPS limit is left unchanged.
Conflicts:
src/main.cpp
Adds a ValidationCostTracker class that is passed to
CheckInputs() / CScriptCheck() to keep track of the exact number
of signature operations required to validate a block, and the
exact number of bytes hashed to compute signature hashes.
Also extends CHashWriter to keep track of number of bytes hashed.
Signature operations per block are limited to MAX_BLOCK_SIGOPS
(unchanged at 20,000)
Bytes hashed to compute signatures is limited to MAX_BLOCK_SIGHASH
(1.3 GB in this commit).
Conflicts:
src/main.cpp
src/miner.cpp
src/script/interpreter.h
Activation code for a two megabyte block size increase.
Activation condition:
750 of 1000 blocks with version bit 0x10000000 set, then a four-week
(28-day) grace period, after which miners may create 2MB
blocks.
Conflicts:
qa/pull-tester/rpc-tests.sh
qa/rpc-tests/bipdersig-p2p.py
src/chainparams.cpp
src/main.cpp
src/miner.cpp
Additionall; Fix unit test.
Instead of relying on default, specify block size.
If number of conflict confirms cannot be determined, this means
that the block is still unknown or not yet part of the main chain,
for example during a reindex. Do nothing in that case,
instead of crash with an assertion.
Fixes#7234.
Github-Pull: #7491
Rebased-From: 40e7b61835
A WWW-Authenticate header must be present in the 401
response to make clients know that they can authenticate,
and how.
WWW-Authenticate: Basic realm="jsonrpc"
Fixes#7462.
Github-Pull: #7472
Rebased-From: 7c06fbd8f5
- Add whitelistforcerelay to control forced relaying.
Also renames whitelistalwaysrelay.
Nodes relay all transactions from whitelisted peers, this
gets in the way of some useful reasons for whitelisting
peers-- for example, bypassing bandwidth limitations.
The purpose of this forced relaying is for specialized gateway
applications where a node is being used as a P2P connection
filter and multiplexer, but where you don't want it getting
in the way of (re-)broadcast.
This change makes it configurable with whitelistforcerelay.
- Blacklist -whitelistalwaysrelay; replaced by -whitelistrelay.
Github-Pull: #7439
Rebased-From: 325c725fb689d113e02a
"permit" is currently used to configure transaction filtering, whereas replacement is more to do with the memory pool state than the transaction itself.
This corrects a bug the case of tying group size where the code may
fail to select the group with the newest member. Since newest time
is the final selection criteria, failing to break ties on it
on the step before can undermine the final selection.
Tied netgroups are very common.
With automatic tor HS support in place we should probably not be providing
absolute protection for local peers, since HS inbound could be used to
attack pretty easily. Instead, this counts on the latency metric inside
AttemptToEvictConnection to privilege actually local peers.
- fix parsing of BIND_NOW with older readelf
- add _IO_stdin_used to ignored exports
For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109
- add check-symbols and check-security make targets
These are not added to the default checks because some of them depend on
release-build configs.
- always link librt for glibc back-compat builds
glibc absorbed clock_gettime in 2.17. librt (its previous location) is safe to
link in anyway for back-compat.
Fixes#7420
- add security/symbol checks to gitian
Github-Pull: #7424
Rebased-From: cd27bf51e0475813ba5bf3d3eaf78ea8ce872118a81c87fafc
Add a configuration option `-permitrbf` to set transaction replacement policy
for the mempool.
Enabling it will enable (opt-in) RBF, disabling it will refuse all
conflicting transactions.
Conflicts:
src/init.cpp
src/main.cpp
src/main.h
Github-Pull: #7386
Rebased-From: b768108d9c
Add "bip125-replaceable" output field to listtransactions and gettransaction
which indicates if an unconfirmed transaction, or any unconfirmed parent, is
signaling opt-in RBF according to BIP 125.
Github-Pull: #7286
Rebased-From: eaa8d2754b
